May 15, 2017

Raghu Goud
Page 1: 8_WebDhcpNtpNat

TCP/IP Essentials: A Lab-Based Approach

Shivendra Panwar, Shiwen Mao, Jeong-dong Ryoo, and Yihan Li

Chapter 8: The Web, DHCP, NTP and NAT

Page 2: 8_WebDhcpNtpNat

Panwar, Mao, Ryoo, Li: TCP/IP Essentials 2

World Wide Web (WWW)

- The first WWW browser was written by Tim Berners-Lee in 1990.
- The popularity of the WWW drove the exponential growth of the Internet.
- In the WWW, information is typically provided as HyperText Markup Language (HTML) files (web pages).
- WWW resources are identified by Uniform Resource Locators (URLs).

Page 3: 8_WebDhcpNtpNat

URL

- A standard scheme for compactly identifying any document on any Web server
- Components:
  - A scheme (protocol) name: http, ftp, rtsp, ...
  - ://
  - A server domain name or server IP address, followed by :port only when a non-default port is used
  - A path to a resource (an HTML file or a CGI script)

Example:

http://[email protected]:999/ee-dept/event.html

Parts of the example, left to right:
- Service type (scheme): http, telnet, ftp, gopher, ...
- System name: the server (domain name or IP address)
- Port number: 999, specified because a non-default port is used
- Path name: /ee-dept/
- File name: event.html

Page 4: 8_WebDhcpNtpNat

HyperText Transfer Protocol (HTTP)

- Application layer protocol
- Distributes information in the WWW
- Based on the client/server architecture
  - HTTP client (web browser): sends a request to a server for a file
  - HTTP server (web server): listens on well-known TCP port 80 and responds with the requested file if it is available
  - A single TCP connection carries the request and the response

[Figure: web browser (HTTP over TCP over IP over the network) sends a request to the web server (same stack); the server returns a response]

Page 5: 8_WebDhcpNtpNat

HTTP Messages

- Text-based and flexible (human-readable ASCII lines), unlike the fixed binary formats of the lower layer protocols
- Components of an HTTP message:
  - A start-line
  - Optional headers, each with a header name and a value
  - A blank line (a "\r\n" only)
  - The requested file or other data (the body), in an HTTP response

Page 6: 8_WebDhcpNtpNat

HTTP Request Message

- Request Line:
  - Request type (method)
  - URL
  - HTTP version
- Optional headers
  - Header name
  - Value
- A blank line

The request type is the method the message invokes:
- GET, HEAD: retrieve a full document, or only the headers describing a document, from the server
- POST: submit data (for example an HTML form) to the server for processing
- PUT, PATCH: provide a new/replacement document, or a list of differences to apply to an existing document, to the server
- COPY, MOVE, DELETE: copy, move, or delete a document (COPY and MOVE are WebDAV extensions)
- ...

Page 7: 8_WebDhcpNtpNat

HTTP Response Message

- Status Line:
  - HTTP version
  - Status code
  - Status phrase
- Optional headers
  - Header name
  - Value
- A blank line
- Data body

- The status code is a 3-digit number, similar to the reply codes of FTP and SMTP
- The status phrase explains the status code, such as Continue, Switching Protocols, OK, Accepted, No Content, Multiple Choices, Bad Request, Unauthorized, Forbidden, Not Found, Internal Server Error, Service Unavailable, ...
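
The request and response layouts on these two slides are the same three-part structure (start-line, headers, blank line, optional body). The parser below is an added example written for this page, not code from the textbook: it splits a raw message at the CRLF CRLF blank line, delimits the body with Content-Length, and refuses the two malformed cases a practitioner cares about most, a repeated Content-Length and a message carrying both Content-Length and Transfer-Encoding, since a front-end and a back-end that resolve those differently can be made to see different requests. The two sample messages are constructed, and the host name in them is invented.

```python
"""Parse HTTP/1.x request and response messages: start-line, headers, blank
line, body.  Added example for these slides, not code from the textbook.  The
two sample messages are constructed; the host name in them is made up."""
from dataclasses import dataclass, field


@dataclass
class HttpMessage:
    start_line: str
    headers: list = field(default_factory=list)   # (name, value) pairs, order kept
    body: bytes = b""

    def header(self, name):
        """Value of a header, or None.  A repeated header is refused rather than
        silently picking one copy (two Content-Length values is how front-end
        and back-end servers get tricked into parsing a message differently)."""
        values = [v for n, v in self.headers if n.lower() == name.lower()]
        if len(values) > 1:
            raise ValueError(f"repeated header: {name}")
        return values[0] if values else None


def parse_message(raw: bytes) -> HttpMessage:
    """Split one message at the blank line (CRLF CRLF) and delimit the body."""
    head, sep, rest = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("no blank line terminating the headers")
    lines = head.decode("ascii").split("\r\n")
    msg = HttpMessage(start_line=lines[0])
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        # RFC 7230: no whitespace between the name and the colon, and no
        # leading whitespace on a header line (the deprecated line folding).
        if not colon or not name or name != name.strip():
            raise ValueError(f"malformed header line: {line!r}")
        msg.headers.append((name, value.strip()))
    length = msg.header("Content-Length")          # raises if repeated
    if length is not None and msg.header("Transfer-Encoding") is not None:
        raise ValueError("Content-Length and Transfer-Encoding both present")
    if length is None:
        msg.body = rest          # delimited by the end of the data we were given
    else:
        if not length.isdigit() or len(rest) < int(length):
            raise ValueError("Content-Length does not match the body")
        msg.body = rest[:int(length)]
    return msg


def request_line(msg: HttpMessage):
    """(method, URL, version) from a request's start-line."""
    parts = msg.start_line.split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        raise ValueError(f"bad request line: {msg.start_line!r}")
    return parts[0], parts[1], parts[2]


def status_line(msg: HttpMessage):
    """(version, numeric status code, phrase) from a response's status-line."""
    parts = msg.start_line.split(" ", 2)
    if (len(parts) < 2 or not parts[0].startswith("HTTP/")
            or len(parts[1]) != 3 or not parts[1].isdigit()):
        raise ValueError(f"bad status line: {msg.start_line!r}")
    return parts[0], int(parts[1]), parts[2] if len(parts) == 3 else ""


# Constructed sample messages (the host name is invented for the example).
SAMPLE_REQUEST = (b"GET /ee-dept/event.html HTTP/1.1\r\n"
                  b"Host: www.example.edu:999\r\n"
                  b"User-Agent: lab-client/0.1\r\n\r\n")
SAMPLE_RESPONSE = (b"HTTP/1.1 200 OK\r\n"
                   b"Content-Type: text/html\r\n"
                   b"Content-Length: 28\r\n\r\n"
                   b"<html><body>hi</body></html>")

if __name__ == "__main__":
    print(request_line(parse_message(SAMPLE_REQUEST)))
    print(status_line(parse_message(SAMPLE_RESPONSE)))
```

A request without Content-Length gets an empty body; a response without one is delimited only by the server closing the connection, which is why the parser keeps whatever bytes follow the blank line in that case.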

Page 8: 8_WebDhcpNtpNat

HTTP TCP Connections

- The client first establishes a TCP connection to the server before sending an HTTP request
- The server may terminate the TCP connection after the HTTP response is sent
- For embedded objects in an HTML file:
  - The client sends a separate request for each embedded object
  - In HTTP/1.0, the client establishes a new TCP connection for each request, which is inefficient for a file with many embedded objects
  - In HTTP/1.1, persistent connections are supported:
    - All embedded objects are sent through the TCP connection established for the first request
    - Both the client and the server have to enable the persistent connection feature (it is the default in HTTP/1.1; either side can end it with a Connection: close header)

Page 9: 8_WebDhcpNtpNat

HTTP Requests & Responses

- HTTP has four stages: Open, Request, Response, Close
- A TCP session for HTTP/1.0 does not stay open to wait for multiple requests/responses, which is inefficient when an HTML file has many embedded objects like pictures
- HTTP/1.1 supports persistent connections that allow all the embedded objects to be sent through the same TCP connection

[Figure: web browser and web server, each with an HTTP/TCP/IP/network stack; the exchange runs open, opened, request, response, close, closed]

Page 10: 8_WebDhcpNtpNat

HTTP Proxies

- A proxy server acts as both a client and a server:
  - it receives the client's initial requests, translates them, and passes the requests on to other servers
- Proxies can be used with firewalls to block undesired traffic
- The cache feature of a Web proxy server reduces network traffic by saving recently viewed pages on the proxy's disk drive

[Figure: the web browser sends its request to the proxy (HTTP/TCP/IP/network stack with a cache); the proxy forwards the request to the web server and relays the response back to the browser]

Page 11: 8_WebDhcpNtpNat

Common Gateway Interface (CGI)

- CGI is a technology that creates and handles dynamic documents
- Dynamic web pages provide two-way communication between web clients and servers: on-line opinion polls, e-commerce
- CGI uses two files:
  - An HTML form, for a user to input data
  - A CGI script, which processes the user input data and generates a response dynamically
- Any program that can read input from the standard input (STDIN) and write output to the standard output (STDOUT) can be used as a CGI script: the server passes request metadata (method, query string, content length) in environment variables, and the script writes the response headers, a blank line and the body to STDOUT
- Because the script is a process launched on the server with the form data as its input, everything it reads from the form must be treated as untrusted input

Page 12: 8_WebDhcpNtpNat

CGI Operations

- A user downloads the HTML form (consisting of text inputs, checklists, and buttons), inputs data, and submits the data
- The web server invokes the CGI script
- The web server returns the CGI response to the client

[Figure: (1) the server sends the HTML form to the client for user input; (2) on submission, the CGI script is invoked on the server to generate a response based on the input data; (3) the response created by CGI is returned to the client]
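
The two CGI slides above describe the contract but show no script. The following is an added example, not the textbook's lab code: a CGI script for the on-line opinion poll the first slide mentions. It follows the CGI interface (REQUEST_METHOD, QUERY_STRING and CONTENT_LENGTH from the environment, a POST body on STDIN, headers plus a blank line plus the body on STDOUT), and it does the two things a CGI script must do with form input: accept only values from an allow-list, and HTML-escape anything it echoes back. The form text, the field names and the vote tally are invented for the example.

```python
"""A CGI script for the on-line opinion poll the slide mentions.  Added
example, not from the textbook.  Per the CGI contract the web server passes
REQUEST_METHOD, QUERY_STRING and CONTENT_LENGTH in the environment, a POST
body on STDIN, and reads the response (headers, blank line, body) from
STDOUT.  The form text and the field names are invented for the example."""
import html
import io
import os
import sys
from urllib.parse import parse_qs

CHOICES = ("yes", "no")
MAX_BODY = 4096
FORM = """<html><body><h1>Did the lab work for you?</h1>
<form method="POST" action="poll.cgi">
<input type="radio" name="choice" value="yes"> yes
<input type="radio" name="choice" value="no"> no<br>
Comment: <input type="text" name="comment" maxlength="80"><br>
<input type="submit" value="Vote">
</form></body></html>
"""


def read_fields(environ, stdin):
    """Decode the submitted form: the query string for GET, STDIN for POST."""
    if environ.get("REQUEST_METHOD") == "POST":
        length = environ.get("CONTENT_LENGTH", "0")
        if not length.isdigit() or int(length) > MAX_BODY:
            raise ValueError("missing or oversized CONTENT_LENGTH")
        raw = stdin.read(int(length)).decode("utf-8", "replace")
    else:
        raw = environ.get("QUERY_STRING", "")
    return {k: v[0] for k, v in parse_qs(raw, keep_blank_values=True).items()}


def handle(environ, stdin, tally):
    """One request: GET serves the form, POST records a vote.
    Returns (status, html body); tally maps choice -> count."""
    method = environ.get("REQUEST_METHOD", "GET")
    if method == "GET":
        return 200, FORM
    if method != "POST":
        return 405, "<html><body>method not allowed</body></html>\n"
    try:
        fields = read_fields(environ, stdin)
    except ValueError as err:
        return 400, f"<html><body>bad request: {html.escape(str(err))}</body></html>\n"
    choice = fields.get("choice", "")
    if choice not in CHOICES:              # allow-list: the form is client-controlled
        return 400, "<html><body>invalid choice</body></html>\n"
    tally[choice] += 1
    # Escape before echoing user text back into HTML (the classic CGI mistake).
    comment = html.escape(fields.get("comment", "")[:80])
    body = ("<html><body><p>Thanks! Your comment: %s</p>"
            "<p>yes=%d no=%d</p></body></html>\n" % (comment, tally["yes"], tally["no"]))
    return 200, body


def run_request(environ, raw_body, tally):
    """Convenience wrapper: feed a bytes body as STDIN."""
    return handle(environ, io.BytesIO(raw_body), tally)


def cgi_output(status, body):
    """What the script writes to STDOUT: headers, a blank line, the body."""
    phrase = {200: "OK", 400: "Bad Request", 405: "Method Not Allowed"}[status]
    return ("Status: %d %s\r\nContent-Type: text/html; charset=utf-8\r\n"
            "Content-Length: %d\r\n\r\n%s" % (status, phrase, len(body.encode()), body))


if __name__ == "__main__":
    # A real poll would persist the tally: each CGI request is a new process.
    status, body = handle(os.environ, sys.stdin.buffer, {"yes": 0, "no": 0})
    sys.stdout.write(cgi_output(status, body))
```

Installed as poll.cgi under a server's CGI directory, the script serves the form on GET and counts a vote on POST; the tally is kept in memory only because every CGI request runs in a fresh process, so a usable poll would write it to a file with locking.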

Page 13: 8_WebDhcpNtpNat

Apache Web Server

- The Apache server is the most popular web server on the Internet, according to the Netcraft web server survey.
- Apache is open source software.
- With its prefork multi-processing module, Apache is a process-based web server:
  - Stable: other child processes are not affected when one child process crashes
  - Scalable: more client requests can be processed simultaneously

Page 14: 8_WebDhcpNtpNat

DHCP

- The Dynamic Host Configuration Protocol (DHCP) is designed to configure TCP/IP hosts dynamically, in a centralized manner, from a DHCP server.
- The DHCP server maintains a collection of configuration parameters, such as IP addresses, the subnet mask and the default gateway IP address, needed to make a configured host work in the network.
- A DHCP client queries the server for the configuration parameters.
- The DHCP server returns the configuration parameters to the client.

Page 15: 8_WebDhcpNtpNat

DHCP

- DHCP can provide persistent storage of network parameters for clients:
  - A client can be assigned the same set of parameters whenever it bootstraps, or when it is moved to another subnet
  - The DHCP server keeps a key-value entry for each client and uses the entries to match queries from the clients
  - The key can be a combination of a subnet address and the MAC address (or domain name) of a client
- DHCP can also assign configuration parameters dynamically:
  - The DHCP server maintains a pool of parameters and assigns an unused set of parameters to a querying client
  - A DHCP client leases an IP address for a period of time. When the lease expires, the client may renew the lease; otherwise the IP address is put back into the pool for future assignments

Page 16: 8_WebDhcpNtpNat

DHCP Operations (with two DHCP servers)

- A client first broadcasts a DHCPDISCOVER message on its local physical network during bootstrapping.
- The message may be forwarded by relay agents to servers in other physical networks.
- Each server may respond with a DHCPOFFER message carrying an available network address in the Your IP Address (yiaddr) field.

Page 17: 8_WebDhcpNtpNat

DHCP Operations (continued)

- The client may receive more than one DHCPOFFER message.
  - It chooses one server from all responding servers based on the configuration parameters offered.
  - The client then broadcasts a DHCPREQUEST message with the Server Identifier option to indicate the selected server (the broadcast also tells the other servers that their offers were declined).

Page 18: 8_WebDhcpNtpNat

DHCP Operations (continued)

- When the DHCPREQUEST message is received, only the chosen server responds, with a DHCPACK message carrying a full set of configuration parameters to the client.
  - When the client receives the DHCPACK, it checks the parameters and configures its TCP/IP modules using them.
  - The message specifies the duration of the lease. When the lease expires, the client may ask the server to renew it. Otherwise, the address is put back in the pool or assigned to other hosts.

Page 19: 8_WebDhcpNtpNat

DHCP Operations (continued)

- The client may send a DHCPRELEASE message to the server to relinquish the lease on the network address.
- None of these messages is authenticated: a client accepts whatever DHCPOFFER arrives with its transaction ID, so a rogue DHCP server on the same broadcast domain can hand out a bogus default gateway or DNS server. Switch-level DHCP snooping (accepting server replies only on trusted ports) is the usual defense.

Page 20: 8_WebDhcpNtpNat


DHCP Message Format

Page 21: 8_WebDhcpNtpNat

DHCP Message Fields

- Opcode (op)
  - 1 means a boot request from the client
  - 2 means a boot reply from the server
- Hardware address type (htype)
  - The values are defined in the "Assigned Numbers" RFC
  - The value is 1 for an Ethernet MAC address
- Hardware address length (hlen)
  - The length of the hardware address (6 for Ethernet)
- Hop count (hops)
  - Optionally used by relay agents
  - A relay agent is a host or router that forwards DHCP messages between DHCP clients and servers

Page 22: 8_WebDhcpNtpNat

DHCP Message Fields

- Transaction ID (xid)
  - Randomly chosen by the client to link requests and replies between a client and a server
- Number of seconds (secs)
  - Elapsed time in seconds since the client began an address acquisition or renewal process
- Flags
  - Broadcast flag, the leftmost bit. Set when a client cannot receive a unicast IP datagram before its interface is configured
  - The remaining 15 bits must be 0 (reserved for future use)

Page 23: 8_WebDhcpNtpNat

DHCP Message Fields

- Client IP address (ciaddr)
  - Filled in only when the client is in the BOUND, RENEWING or REBINDING state and can respond to ARP requests
- Your IP address (yiaddr)
  - The client's IP address, assigned by the DHCP server
- Server IP address (siaddr)
  - The IP address of the next server to use in bootstrap
- Relay agent IP address (giaddr)
  - Used when booting via a relay agent

Page 24: 8_WebDhcpNtpNat

DHCP Message Fields

- Client hardware address (chaddr)
  - The hardware address of the client
  - The field is 16 bytes; for an Ethernet address the first 6 bytes are filled and the remaining 10 bytes are set to 0
- Server hostname (sname)
  - Hostname of the DHCP server
- Boot filename (file)
  - Used in a DHCPOFFER message to specify the fully qualified, null-terminated path name of a file to bootstrap from
- Options
  - The variable-length field (the BOOTP vendor-specific area); it begins with the magic cookie 99.130.83.99 and carries the DHCP options, including the DHCP Message Type option that distinguishes DHCPDISCOVER, DHCPOFFER, DHCPREQUEST, DHCPACK and DHCPRELEASE
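
To make the field list on the last four slides and the DISCOVER/OFFER/REQUEST/ACK exchange on the operations slides concrete, here is an added example (written for this page, not the textbook's code) that packs and unpacks DHCP messages with exactly those fields, then runs the four-message exchange with both the client's and the (simulated) server's messages built locally. It also shows the check a client must make before acting on an offer: the reply's transaction ID and client hardware address must match its own request, otherwise the packet is someone else's or a stray. The MAC address, transaction ID, lease time and the 10.0.0.x addresses are constructed sample values.

```python
"""Build and parse DHCP messages with the fields from these slides (RFC 2131
layout) and walk through DISCOVER/OFFER/REQUEST/ACK.  Added example, not the
textbook's code.  The MAC address, transaction ID and addresses are
constructed sample values."""
import struct
from ipaddress import IPv4Address

BOOTREQUEST, BOOTREPLY = 1, 2
HTYPE_ETHERNET = 1
FLAG_BROADCAST = 0x8000                      # leftmost bit of the flags field
MAGIC_COOKIE = b"\x63\x82\x53\x63"           # 99.130.83.99 opens the options area
OPT_REQUESTED_IP, OPT_LEASE_TIME, OPT_MSG_TYPE, OPT_SERVER_ID, OPT_END = 50, 51, 53, 54, 255
DHCPDISCOVER, DHCPOFFER, DHCPREQUEST, DHCPACK, DHCPRELEASE = 1, 2, 3, 5, 7

# op, htype, hlen, hops, xid, secs, flags, ciaddr, yiaddr, siaddr, giaddr,
# chaddr(16), sname(64), file(128): 236 bytes before the options
FIXED = "!BBBBIHH4s4s4s4s16s64s128s"


def build(op, xid, mac, options, *, ciaddr="0.0.0.0", yiaddr="0.0.0.0",
          siaddr="0.0.0.0", giaddr="0.0.0.0", flags=0, secs=0):
    """Pack the fixed fields, the magic cookie and (code, value) options."""
    packed = [IPv4Address(a).packed for a in (ciaddr, yiaddr, siaddr, giaddr)]
    head = struct.pack(FIXED, op, HTYPE_ETHERNET, len(mac), 0, xid, secs, flags,
                       *packed, mac.ljust(16, b"\x00"), b"\x00" * 64, b"\x00" * 128)
    opts = b"".join(struct.pack("!BB", code, len(val)) + val for code, val in options)
    return head + MAGIC_COOKIE + opts + bytes([OPT_END])


def parse(data):
    """Unpack a DHCP message into a dict; options become {code: raw value}."""
    if len(data) < 240 or data[236:240] != MAGIC_COOKIE:
        raise ValueError("too short or missing DHCP magic cookie")
    f = struct.unpack(FIXED, data[:236])
    msg = {"op": f[0], "htype": f[1], "hlen": f[2], "hops": f[3], "xid": f[4],
           "secs": f[5], "flags": f[6],
           "ciaddr": str(IPv4Address(f[7])), "yiaddr": str(IPv4Address(f[8])),
           "siaddr": str(IPv4Address(f[9])), "giaddr": str(IPv4Address(f[10])),
           "chaddr": f[11][:f[2]], "sname": f[12].rstrip(b"\x00"),
           "file": f[13].rstrip(b"\x00"), "options": {}}
    i = 240
    while i < len(data) and data[i] != OPT_END:
        if data[i] == 0:                      # pad option has no length byte
            i += 1
            continue
        if i + 2 > len(data) or i + 2 + data[i + 1] > len(data):
            raise ValueError("truncated option")
        code, length = data[i], data[i + 1]
        msg["options"][code] = data[i + 2:i + 2 + length]
        i += 2 + length
    return msg


def msg_type(msg):
    """DHCP Message Type option (0 if absent)."""
    return msg["options"].get(OPT_MSG_TYPE, b"\x00")[0]


def select_offer(offers, xid, mac):
    """Client side: ignore replies that are not answers to our own DISCOVER."""
    for raw in offers:
        o = parse(raw)
        if (o["op"] == BOOTREPLY and o["xid"] == xid and o["chaddr"] == mac
                and msg_type(o) == DHCPOFFER):
            return o
    return None


def exchange(mac, xid=0x3903F326, server="10.0.0.1", offered="10.0.0.2", lease=86400):
    """The four-message exchange of the slides; the server role is simulated."""
    discover = build(BOOTREQUEST, xid, mac, [(OPT_MSG_TYPE, bytes([DHCPDISCOVER]))],
                     flags=FLAG_BROADCAST)     # broadcast flag: no IP configured yet
    server_id = IPv4Address(server).packed
    offer = build(BOOTREPLY, xid, mac,
                  [(OPT_MSG_TYPE, bytes([DHCPOFFER])), (OPT_SERVER_ID, server_id),
                   (OPT_LEASE_TIME, struct.pack("!I", lease))],
                  yiaddr=offered, siaddr=server, flags=FLAG_BROADCAST)
    chosen = select_offer([offer], xid, mac)
    request = build(BOOTREQUEST, xid, mac,
                    [(OPT_MSG_TYPE, bytes([DHCPREQUEST])), (OPT_SERVER_ID, server_id),
                     (OPT_REQUESTED_IP, IPv4Address(chosen["yiaddr"]).packed)],
                    flags=FLAG_BROADCAST)      # broadcast so other servers see the decline
    ack = build(BOOTREPLY, xid, mac,
                [(OPT_MSG_TYPE, bytes([DHCPACK])), (OPT_SERVER_ID, server_id),
                 (OPT_LEASE_TIME, struct.pack("!I", lease))],
                yiaddr=offered, siaddr=server)
    return [parse(m) for m in (discover, offer, request, ack)]


if __name__ == "__main__":
    for m in exchange(bytes.fromhex("020000000a02")):   # constructed MAC
        print(msg_type(m), m["xid"], m["yiaddr"], m["options"])
```

On the wire these messages travel in UDP datagrams from client port 68 to server port 67 (and back); the client sends DISCOVER and REQUEST to 255.255.255.255 because it has no address yet, which is also why the broadcast flag is set in the example.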

Page 25: 8_WebDhcpNtpNat


DHCP Configuration

n  An example of a DHCP server configuration file

Page 26: 8_WebDhcpNtpNat

Network Time Protocol (NTP)

- Accurate timing is important in network design, management, security, and diagnosis (for example, correlating log timestamps across hosts and checking certificate validity periods).
- NTP is an application layer protocol that runs over UDP port 123, used to
  - provide accurate timing in the network
  - synchronize routers, hosts, and other network devices

Page 27: 8_WebDhcpNtpNat

NTP Timing Service

- The NTP timing service uses a hierarchical architecture organized into strata: stratum 1 through 15 are servers, and stratum 16 denotes a clock that is not synchronized
  - An NTP primary server, or stratum-1 server, is synchronized directly with a high precision reference clock
  - About 175,000 hosts run NTP in the Internet, with over 300 valid stratum-1 servers
  - Each server chooses one or more servers at a lower stratum number (closer to the reference clock), synchronizes with them, and then serves time at one stratum higher than its source

Page 28: 8_WebDhcpNtpNat

NTP Operation Modes

- Clients and servers can operate in broadcast or multicast mode:
  - Timing information is broadcast or multicast by the servers.
  - Alternatively, a client can proactively poll the servers for timing information (client/server mode).
- An NTP client synchronizes with a server in one of two ways:
  - Query time information from a remote NTP server once and set the clock to it (a one-shot query)
  - Synchronize with a remote server continuously and automatically (a daemon that keeps polling and disciplining the clock)
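
The slides name the client/server mode but do not show what a poll actually exchanges. The example below is added for this page (not the textbook's code): it builds the 48-byte client request, checks a server reply, and computes the clock offset and round-trip delay from the four timestamps T1 (client sends), T2 (server receives), T3 (server sends) and T4 (client receives), the arithmetic every NTP client performs. The server reply is constructed locally so nothing goes on the network; the timestamps are sample values with the server clock 2.0 s ahead and 0.1 s of one-way delay. The check it insists on is that the reply's origin timestamp equals the request's transmit timestamp, which is the only thing tying an unauthenticated UDP reply to the request that was sent.

```python
"""NTP client/server mode over UDP 123: build the client's request, check the
server's reply, and compute clock offset and round-trip delay from the four
timestamps.  Added example, not the textbook's code; the server reply is
constructed locally (no network needed) and the times are sample values."""
import struct

NTP_EPOCH_OFFSET = 2208988800            # seconds from 1900-01-01 to 1970-01-01
MODE_CLIENT, MODE_SERVER = 3, 4
FMT = "!BBBbII4sQQQQ"                    # 48-byte header (RFC 5905)
# fields: li_vn_mode, stratum, poll, precision, root delay, root dispersion,
#         reference id, reference ts, origin ts, receive ts, transmit ts


def to_ntp(unix_seconds):
    """Unix float -> 64-bit NTP timestamp (32-bit seconds, 32-bit fraction)."""
    whole = int(unix_seconds)
    frac = min(int(round((unix_seconds - whole) * (1 << 32))), (1 << 32) - 1)
    return ((whole + NTP_EPOCH_OFFSET) << 32) | frac


def from_ntp(ts):
    """64-bit NTP timestamp -> Unix float."""
    return (ts >> 32) - NTP_EPOCH_OFFSET + (ts & 0xFFFFFFFF) / (1 << 32)


def build_request(t1_unix):
    """Client packet: LI=0, version 4, mode 3; only the transmit timestamp
    (T1, our send time) is meaningful, everything else is zero."""
    return struct.pack(FMT, (4 << 3) | MODE_CLIENT, 0, 0, 0, 0, 0, b"\0" * 4,
                       0, 0, 0, to_ntp(t1_unix))


def make_server_reply(request, t2_unix, t3_unix, stratum=2):
    """Stand-in for a real server (constructed for the example): echo the
    client's transmit timestamp as the origin, fill receive (T2) and transmit (T3)."""
    t1 = struct.unpack(FMT, request)[10]
    return struct.pack(FMT, (4 << 3) | MODE_SERVER, stratum, 6, -20, 0, 0, b"LOCL",
                       to_ntp(t3_unix), t1, to_ntp(t2_unix), to_ntp(t3_unix))


def process_reply(reply, request, t4_unix):
    """Return (offset, delay) in seconds after the sanity checks a client needs."""
    if len(reply) != 48:
        raise ValueError("not a 48-byte NTP packet")
    r = struct.unpack(FMT, reply)
    if r[0] & 0x07 != MODE_SERVER:
        raise ValueError("reply is not in server mode")
    if r[1] == 0:
        raise ValueError("stratum 0: kiss-o'-death or unsynchronized server")
    t1_sent = struct.unpack(FMT, request)[10]
    if r[8] != t1_sent:
        # The origin timestamp must echo our transmit timestamp; otherwise this
        # is a stale or spoofed reply (plain NTP carries no authentication).
        raise ValueError("origin timestamp does not match our request")
    t1, t2, t3, t4 = from_ntp(t1_sent), from_ntp(r[9]), from_ntp(r[10]), t4_unix
    offset = ((t2 - t1) + (t3 - t4)) / 2      # how far our clock is behind the server
    delay = (t4 - t1) - (t3 - t2)             # round trip minus server processing time
    return offset, delay


def sample_sync():
    """Worked instance: server clock 2.0 s ahead, 0.1 s delay each way."""
    t1 = 1000.0                               # client sends (client clock)
    req = build_request(t1)
    reply = make_server_reply(req, t2_unix=1002.1, t3_unix=1002.2)
    return process_reply(reply, req, t4_unix=1000.3)


if __name__ == "__main__":
    print("offset %.3f s, delay %.3f s" % sample_sync())
```

With the sample values the offset comes out as 2.0 s and the delay as 0.2 s; a real client would add a random transmit timestamp fraction and compare the reply's origin field against it for the same reason, and would apply the offset gradually rather than stepping the clock.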

Page 29: 8_WebDhcpNtpNat

Network Address Translator (NAT)

- Maps one set of IP addresses (usually private) to another set of IP addresses (usually public).
- Used for:
  - Security: the internal network's addresses are invisible to the outside (hiding addresses is not the same as filtering traffic, so NAT complements a firewall rather than replacing one)
  - Reusing IP addresses: sharing a small pool of public IP addresses among a large number of hosts

Page 30: 8_WebDhcpNtpNat

How it works

- Two networks:
  - Global network / external network: the Internet
  - Private network / internal network
- Two sets of IP addresses:
  - Public Internet addresses: assigned by IANA (through the regional registries)
  - Private addresses: 10/8, 172.16/12, and 192.168/16 (RFC 1918) are recommended for internal use
- Stub routers:
  - Perform the mapping/translation between the two sets of addresses
  - ICMP message payloads are also translated
- Two types of assignment:
  - Static address assignment: a fixed mapping of public/private addresses
  - Dynamic address assignment: the mapping is created on demand, based on requests, and chosen from the available address pool

Page 31: 8_WebDhcpNtpNat

Three step operation

- Address binding:
  - A private node's IP address is associated with an external address.
  - The router maintains a table recording the associations.
- Address lookup and translation:
  - Outgoing packets: the source IP address is changed to the corresponding external address
  - Incoming packets: the destination IP address is changed to the corresponding private address
- Address unbinding:
  - When the session is over, the entry is removed from the table and the external address is released for other connections to use

Page 32: 8_WebDhcpNtpNat

NAT: An Example

[Figure: a private network with hosts 10.0.0.2, 10.0.0.3, ..., 10.0.0.10 behind a NAT-enabled stub router whose inside address is 10.0.0.1. The router's address pool holds the public addresses 128.238.4.12 and 128.238.4.13. The association table maps public address 128.238.4.12 to private address 10.0.0.2, so a packet leaving 10.0.0.2 with src IP 10.0.0.2 exits the router with src IP 128.238.4.12.]

Page 33: 8_WebDhcpNtpNat

Port Address Translation

- Port Address Translation (PAT) extends the notion of translation one step further by also translating transport identifiers (e.g., TCP and UDP port numbers, ICMP query identifiers).
- PAT allows a set of hosts to share a single external address.
- PAT can be combined with Basic NAT so that a pool of external addresses is used in conjunction with port translation.

Page 34: 8_WebDhcpNtpNat

How PAT Works

- The association table maintains the mapping of IP address, port number, and ICMP query ID
- Outbound packets: translate the source IP address, the source port number or ICMP query ID, and the related fields such as the IP, TCP, UDP and ICMP header checksums
- Inbound packets: the destination IP address, the destination transport identifier and the IP and transport header checksums are translated
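
The three-step operation, the figure's association table and the PAT slides above describe one mechanism; the following is an added example (written for this page, not the textbook's code) that implements it as a small PAT table: binding on the first outbound packet, lookup and rewriting in both directions, unbinding when the session ends, and the IPv4 header checksum recomputation the slides say must accompany every rewrite. The part that makes NAT restrict outside access falls out of the table: an inbound packet whose destination port has no binding is simply dropped. The inside addresses follow the textbook figure (10.0.0.2 and 10.0.0.3 behind 128.238.4.12); the outside address 203.0.113.5, the ports and the sample IP header are constructed.

```python
"""Port Address Translation on a stub router: binding, lookup/translation and
unbinding from the three-step description, plus the IP header checksum fix
the slides mention.  Added example, not the textbook's code.  The inside
addresses follow the textbook figure (10.0.0.2 behind 128.238.4.12); the
outside address 203.0.113.5 and the packets are constructed samples."""
import struct
from dataclasses import dataclass, replace
from ipaddress import IPv4Address


@dataclass(frozen=True)
class Packet:
    proto: str          # "tcp", "udp" or "icmp"
    src: str
    dst: str
    sport: int          # for icmp: the query identifier
    dport: int          # for icmp: the same identifier (the echo reply carries it back)


class Pat:
    """One external address shared by many inside hosts."""

    def __init__(self, external_ip, first_port=1024, last_port=65535):
        self.external_ip = external_ip
        self.next_port, self.last_port = first_port, last_port
        self.out = {}     # (proto, private ip, private port) -> external port
        self.back = {}    # (proto, external port) -> (private ip, private port)

    def _bind(self, proto, ip, port):
        key = (proto, ip, port)
        if key not in self.out:                       # step 1: address binding
            if self.next_port > self.last_port:
                raise RuntimeError("transport identifier pool exhausted")
            ext = self.next_port
            self.next_port += 1
            self.out[key], self.back[(proto, ext)] = ext, (ip, port)
        return self.out[key]

    def outbound(self, pkt):
        """Private -> Internet: rewrite source address and transport identifier."""
        ext = self._bind(pkt.proto, pkt.src, pkt.sport)     # step 2: lookup/translate
        return replace(pkt, src=self.external_ip, sport=ext)

    def inbound(self, pkt):
        """Internet -> private: only packets matching a binding are forwarded;
        anything else (an unsolicited inbound session) is dropped."""
        if pkt.dst != self.external_ip:
            return None
        target = self.back.get((pkt.proto, pkt.dport))
        if target is None:
            return None
        ip, port = target
        return replace(pkt, dst=ip, dport=port)

    def unbind(self, proto, ip, port):
        """Step 3: session over, release the external identifier."""
        ext = self.out.pop((proto, ip, port))
        del self.back[(proto, ext)]


def ipv4_checksum(header):
    """One's-complement sum over 16-bit words with the checksum field zeroed."""
    h = header[:10] + b"\x00\x00" + header[12:]
    total = sum(struct.unpack("!%dH" % (len(h) // 2), h))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def checksum_ok(header):
    return ipv4_checksum(header) == struct.unpack("!H", header[10:12])[0]


def rewrite_src(header, new_src):
    """Change the source address of a 20-byte IPv4 header and fix its checksum
    (the TCP/UDP checksum covers a pseudo-header with the same address and needs
    the same treatment)."""
    h = header[:12] + IPv4Address(new_src).packed + header[16:]
    return h[:10] + struct.pack("!H", ipv4_checksum(h)) + h[12:]


def sample_header(src, dst):
    """Constructed IPv4 header: IHL 5, total length 40, TTL 64, protocol TCP."""
    h = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0x1234, 0x4000, 64, 6, 0,
                    IPv4Address(src).packed, IPv4Address(dst).packed)
    return h[:10] + struct.pack("!H", ipv4_checksum(h)) + h[12:]


if __name__ == "__main__":
    pat = Pat("128.238.4.12")
    print(pat.outbound(Packet("tcp", "10.0.0.2", "203.0.113.5", 40000, 80)))
    print(pat.inbound(Packet("tcp", "203.0.113.5", "128.238.4.12", 80, 1024)))
    print(rewrite_src(sample_header("10.0.0.2", "203.0.113.5"), "128.238.4.12").hex())
```

A production translator also ages bindings out on a timer (a TCP FIN or an idle timeout, since the router never sees an explicit "session over"), which is the unbinding step in practice.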

Page 35: 8_WebDhcpNtpNat

Other Issues for NAT

- All ICMP error messages (with the exception of the Redirect message type) need to be modified when passed through NAT:
  - Destination Unreachable
  - Source Quench
  - Time Exceeded
  - Parameter Problem
- The original IP packet header embedded in the payload of the ICMP error message must be changed as well:
  - IP address and port numbers
  - Checksums (of the embedded header and of the ICMP message itself)

Page 36: 8_WebDhcpNtpNat

Other Issues for NAT (II)

- Security benefits:
  - Restricts outside sessions' access to internal hosts (only traffic matching an existing binding is forwarded inward)
  - Can be used in conjunction with a firewall to filter unwanted traffic
- May not support security techniques that depend on IP addresses (for example IPsec AH, whose integrity check covers the IP header that NAT rewrites)
- Computation intensive:
  - search the headers, table lookup, change the headers, checksum computation, ...
  - The stub router becomes the performance bottleneck

Page 37: 8_WebDhcpNtpNat

Other Issues for NAT (III)

- Does not support applications that carry IP addresses in their content: e.g., SNMP
- Does not support applications with interdependent control and data sessions: e.g., H.323, RTP
- FTP: the client uses the PORT command in the control TCP connection to tell the server the IP address and port number for the data connection, so the private address inside the payload must be rewritten too
- Solution: special Application Level Gateways (ALGs) that understand the application protocol and rewrite the addresses inside its messages

Page 38: 8_WebDhcpNtpNat

Socket Programming in a Nutshell

- Most applications are implemented using the socket Application Programming Interface (API).
- The TCP/IP protocols are implemented in the system kernel.
- User applications use the TCP/IP service through the socket API.

Page 39: 8_WebDhcpNtpNat

Socket Programming for Applications

- Each participating process in the application creates a socket, bound to an IP address and a port number that is unique on that host.
- The application process uses the socket functions for sending or receiving data.
- Three types of sockets are available to applications:
  - TCP sockets (SOCK_STREAM), used to create a TCP connection
  - UDP sockets (SOCK_DGRAM), used to provide the datagram service
  - Raw sockets (SOCK_RAW), which let applications bypass the transport layer protocols and use the IP datagram service directly (normally restricted to privileged processes)
- The client-server architecture is used in socket programming.
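
The socket slides list the API and the HTTP slides earlier in the chapter describe persistent connections; this added example (written for this page, not the textbook's lab code) ties the two together. It is a minimal HTTP/1.1 server and client built directly on TCP sockets: the client connects once and fetches a page and its embedded object over that single connection, and the server counts how many TCP connections it accepted, which is the measurable difference between HTTP/1.0 and HTTP/1.1 behaviour. It runs on 127.0.0.1 with an OS-chosen port, needs no network access, and the two pages it serves are constructed.

```python
"""Socket API in action: a tiny HTTP/1.1 server and a client that fetches a
page and its embedded object over one persistent TCP connection (the HTTP/1.1
behaviour from the HTTP slides).  Added example, not the textbook's lab code.
Runs on 127.0.0.1 with an OS-chosen port; the two pages are constructed."""
import socket
import threading

PAGES = {                                    # constructed content
    "/index.html": b"<html><body><img src=\"pic.gif\"></body></html>",
    "/pic.gif": b"GIF89a(not a real image)",
}


def serve_connection(conn):
    """Server side: answer requests on one connection until the client closes it."""
    buf = b""
    with conn:
        while True:
            while b"\r\n\r\n" not in buf:          # read up to the blank line
                chunk = conn.recv(4096)
                if not chunk:
                    return                         # client closed: connection done
                buf += chunk
            head, _, buf = buf.partition(b"\r\n\r\n")
            parts = head.split(b"\r\n")[0].split(b" ")
            if len(parts) != 3 or parts[0] != b"GET":
                conn.sendall(b"HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\n\r\n")
                return
            body = PAGES.get(parts[1].decode("ascii", "replace"))
            status = b"200 OK" if body is not None else b"404 Not Found"
            body = body or b""
            conn.sendall(b"HTTP/1.1 " + status + b"\r\nContent-Length: " +
                         str(len(body)).encode() + b"\r\nConnection: keep-alive\r\n\r\n" + body)


def start_server():
    """socket(), bind(), listen(), then accept() in a thread; returns (socket, port, stats)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    stats = {"connections": 0}

    def accept_loop():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:                  # listening socket closed
                return
            stats["connections"] += 1
            threading.Thread(target=serve_connection, args=(conn,), daemon=True).start()

    threading.Thread(target=accept_loop, daemon=True).start()
    return srv, srv.getsockname()[1], stats


def read_response(sock, buf):
    """Client side: one response, body delimited by Content-Length.
    Returns (status line, body, leftover bytes belonging to the next response)."""
    while b"\r\n\r\n" not in buf:
        chunk = sock.recv(4096)
        if not chunk:
            raise ConnectionError("server closed the connection")
        buf += chunk
    head, _, buf = buf.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    length = 0
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"content-length":
            length = int(value.strip())
    while len(buf) < length:
        chunk = sock.recv(4096)
        if not chunk:
            raise ConnectionError("connection closed mid-body")
        buf += chunk
    return lines[0], buf[:length], buf[length:]


def fetch_all(port, paths):
    """Client: one connect(), then every GET on the same socket."""
    results, buf = [], b""
    with socket.create_connection(("127.0.0.1", port)) as s:
        for path in paths:
            s.sendall(b"GET " + path.encode() + b" HTTP/1.1\r\nHost: 127.0.0.1\r\n\r\n")
            status, body, buf = read_response(s, buf)
            results.append((status, body))
    return results            # leaving the block closes the persistent connection


if __name__ == "__main__":
    srv, port, stats = start_server()
    for status, body in fetch_all(port, ["/index.html", "/pic.gif"]):
        print(status, body)
    print("TCP connections used:", stats["connections"])
    srv.close()
```

An HTTP/1.0-style client would call create_connection() once per path and the counter would read 2; the Content-Length bookkeeping in read_response is what lets the client tell where one response ends and the next begins on a shared byte stream.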